I'd suggest consulting on the record with a lawyer who has significant professional standing to lose.
Almost any "front" can be used to launder money, even an actual laundromat.
I am not a lawyer, but if I used my laundromat to launder money I would not expect to get off by saying "but laundry is not real money" nor "but all I was doing was smuggling real money into the laundromat and out again, not actually putting it in the washing machine!"
-MarkM-
Topic: Blind Bitcoin Transfers - page 2. (Read 14896 times)
Duncant, you say on your site that "The payout schedule for this service is not secure against analysis of the bitcoin chain."
Is that a reference to the problem that occurs when you have to few customers and/or to many different sizes of coin, or is it something else?
Is that a reference to the problem that occurs when you have to few customers and/or to many different sizes of coin, or is it something else?
The problem is that there are too many unique transaction sizes. I've had a fix to this problem in the pipeline for the last few weeks (see my last post), but what with the MtGox hack and my day job's machines all deciding to crash, I haven't gotten the chance to work on it solidly.
As you may have noticed, I've taken the site down for the weekend to get this and a few other bugs fixed. Everything will be back (and better) on Monday. The warning message that you quote will be gone because I'll have fixed that flaw.
Also, for anybody who's interested. I've consulted off-the-record with a few lawyers about the legality of this sort of thing. They're all of the opinion that this certainly does not constitute money laundering because bitcoin isn't "really money" in the eyes of the law. It could, possibly, be consider smuggling, but that is unlikely considering that no physical goods are exchanged.
I don't see how it could be. It is a purely mathematical process performed on some electronic data. Are we going to outlaw any electronic maths next? Is that the realm of insanity the totalitarians are taking us into? Money needs to be free or it no longer functions as money, and all society suffers for it.
Duncant, you say on your site that "The payout schedule for this service is not secure against analysis of the bitcoin chain."
Is that a reference to the problem that occurs when you have to few customers and/or to many different sizes of coin, or is it something else?
Is that a reference to the problem that occurs when you have to few customers and/or to many different sizes of coin, or is it something else?
The problem is that there are too many unique transaction sizes. I've had a fix to this problem in the pipeline for the last few weeks (see my last post), but what with the MtGox hack and my day job's machines all deciding to crash, I haven't gotten the chance to work on it solidly.
As you may have noticed, I've taken the site down for the weekend to get this and a few other bugs fixed. Everything will be back (and better) on Monday. The warning message that you quote will be gone because I'll have fixed that flaw.
Also, for anybody who's interested. I've consulted off-the-record with a few lawyers about the legality of this sort of thing. They're all of the opinion that this certainly does not constitute money laundering because bitcoin isn't "really money" in the eyes of the law. It could, possibly, be consider smuggling, but that is unlikely considering that no physical goods are exchanged.
Duncant, you say on your site that "The payout schedule for this service is not secure against analysis of the bitcoin chain."
Is that a reference to the problem that occurs when you have to few customers and/or to many different sizes of coin, or is it something else?
Is that a reference to the problem that occurs when you have to few customers and/or to many different sizes of coin, or is it something else?
Quote
This is an awesome quote. Do you mind if I use it in the future?
Don't mind, attributable to no one.
@fergalish: I'll do you one better. By Sunday, I'll have rolled out a new pay-out system that should resist statistical analysis of the block chain. I'm doing some testing on it right now, to make sure that it's actually as difficult to analyze as I want it to be. You'll be able to pay in as much as you want, but how I pay out will be the anonymizing part.
@noone: There's no way I can make you trust that the code I'm running on the server is what I'm distributing. However, this is not a requirement for the system to be trustworthy and secure. You only have to trust that the client code functions as advertised. It is easy (well maybe not easy, but possible) to review the client code in your browser before running it. The worst that I could do to a client running functionally correct code is run off with their money.
I'll post technical stats once I finish the new pay-out system. Actually, once I finish the pay-out system and make sure there aren't any bugs, I'll declare the technical part of the service finished. Then I'll start work on making a mobile-friendly version of the site.
I agree with noone on the privacy point, but just to have my bases covered, I'm saving up (poor, starving student, and all that) for a legal consultation. If it turns out that this sort of thing is a huge liability, I'll find somebody who wants to deal with it and hand over all my source and non-source assets to them so that the site doesn't go away.
This is an awesome quote. Do you mind if I use it in the future?
@noone: There's no way I can make you trust that the code I'm running on the server is what I'm distributing. However, this is not a requirement for the system to be trustworthy and secure. You only have to trust that the client code functions as advertised. It is easy (well maybe not easy, but possible) to review the client code in your browser before running it. The worst that I could do to a client running functionally correct code is run off with their money.
I'll post technical stats once I finish the new pay-out system. Actually, once I finish the pay-out system and make sure there aren't any bugs, I'll declare the technical part of the service finished. Then I'll start work on making a mobile-friendly version of the site.
I agree with noone on the privacy point, but just to have my bases covered, I'm saving up (poor, starving student, and all that) for a legal consultation. If it turns out that this sort of thing is a huge liability, I'll find somebody who wants to deal with it and hand over all my source and non-source assets to them so that the site doesn't go away.
Simply put, privacy is not just for criminals, because the medium of exchange, bitcoin, is a fully open public transaction record, everybody needs blinding in this scenario.
This is an awesome quote. Do you mind if I use it in the future?
Few questions;
- how do we know that the s/ware running on the web server is the same s/ware represented by the posted source code? (seems like this throws up an interesting technical problem of an "untrusted" server being verified to be running trusted source, maybe it has been solved elswhere?)
- can you list any relevant technical stats that are not revealing but may serve to build trust in the integrity of the servers operation? .... throughput, total tokens blinded, issued, redeemed, faults, etc
I disagree with this statement. Due to the public record of transactions of bitcoin, the most basic of transaction privacy can only be achieved by blinding services or "laundering" (perjorative, vague term anyway) ... the "most obvious client" is everyone who desires privacy for their individual transactions. Who amongst us would actually say "I prefer less privacy" when it concerns their own private transactions?
Simply put, privacy is not just for criminals, because the medium of exchange, bitcoin, is a fully open public transaction record, everybody needs blinding in this scenario.
- how do we know that the s/ware running on the web server is the same s/ware represented by the posted source code? (seems like this throws up an interesting technical problem of an "untrusted" server being verified to be running trusted source, maybe it has been solved elswhere?)
- can you list any relevant technical stats that are not revealing but may serve to build trust in the integrity of the servers operation? .... throughput, total tokens blinded, issued, redeemed, faults, etc
Quote
If you offered such a service with paper money, your most obvious clients would be organised crime and you'd probably be classified as a money launderer. I had been thinking of setting up a bitcoin mixer, but got turned off once I thought of this issue.
I disagree with this statement. Due to the public record of transactions of bitcoin, the most basic of transaction privacy can only be achieved by blinding services or "laundering" (perjorative, vague term anyway) ... the "most obvious client" is everyone who desires privacy for their individual transactions. Who amongst us would actually say "I prefer less privacy" when it concerns their own private transactions?
Simply put, privacy is not just for criminals, because the medium of exchange, bitcoin, is a fully open public transaction record, everybody needs blinding in this scenario.
Great work Duncan.
I didn't try it out, but the service looks promising. Nice work.
Nice site. Nice service.
You should consider allowing people to conduct transaction with the mixer of only a single size, e.g. 5BTC. Otherwise an attacker could try some statistical analysis to identify coins in with coins out. With a single transfer size, there will be no way to associate input size with output size.
Next, you really should check out the legalities of this. If you offered such a service with paper money, your most obvious clients would be organised crime and you'd probably be classified as a money launderer. I had been thinking of setting up a bitcoin mixer, but got turned off once I thought of this issue.
You should consider allowing people to conduct transaction with the mixer of only a single size, e.g. 5BTC. Otherwise an attacker could try some statistical analysis to identify coins in with coins out. With a single transfer size, there will be no way to associate input size with output size.
Next, you really should check out the legalities of this. If you offered such a service with paper money, your most obvious clients would be organised crime and you'd probably be classified as a money launderer. I had been thinking of setting up a bitcoin mixer, but got turned off once I thought of this issue.
+1
I can confirm that it is working, tried it with a 3-number sum of coins.
I can confirm that it is working, tried it with a 3-number sum of coins.
@TiagoTiago: Do you have a link to a discussion on how to best anonymize bitcoins? I've been sending all the bitcoins in my service to a single address (address, not account) from where they are eventually sent out when they are needed. I assumed that this was the "correct" way to do it because the address is the finest granularity one could observe. Thanks!
There was some discussion on the topic in that thread about Bitcoin safety for illegal trading and stuff for example, i think i was called somthing along the lines of "how safe is Bitcoin for illegal busyness" or somthing, not sure exactly; lemme know if you can't find it on the forum and i'll see if i find it in my inbox (been following that discussion)
@tehcodez: sorry you had a problem. As of this morning, I believe that I've fixed the problem that people were running into. Also, I implemented the session-recovery feature, so everything should be very robust. I'm glad I could be of service.
@bitlotto: Yes, right now the way the system is configured, you can wait up to 53 days to redeem the coins. You can also redeem them right away. I'm going to increase the amount of time that you can hold onto your tokens once I fix the last of the bugs. You should protect your tokens just like your bitcoin wallet. Anyone who gets that token can redeem it, and tokens can only be redeemed once.
@matonis: No hard feelings, everything is mostly ready to go. I'd have liked to get a little more of the explanation finished, but I'll just push out those changes as I finish them. Thanks for the kind words and the publicity!
I just read how Bitcoin Laundry's payout works. This seems like a very useful system. I'm going to look into the possibility of paying out for tokens over a period of time in random payments instead of all at once.
Once everything is stable, I'll make an announcement for anyone who's interested.
@bitlotto: Yes, right now the way the system is configured, you can wait up to 53 days to redeem the coins. You can also redeem them right away. I'm going to increase the amount of time that you can hold onto your tokens once I fix the last of the bugs. You should protect your tokens just like your bitcoin wallet. Anyone who gets that token can redeem it, and tokens can only be redeemed once.
@matonis: No hard feelings, everything is mostly ready to go. I'd have liked to get a little more of the explanation finished, but I'll just push out those changes as I finish them. Thanks for the kind words and the publicity!
I just read how Bitcoin Laundry's payout works. This seems like a very useful system. I'm going to look into the possibility of paying out for tokens over a period of time in random payments instead of all at once.
Once everything is stable, I'll make an announcement for anyone who's interested.
+1 to duncant. Nice planned implementation. I think I'm the one who found it over the weekend and tweeted it. Sorry to blow your cover, secret squirrel, but things are starting to move fast now. I also posted it to mikegogulski on the Bitcoin Laundry thread where it is being discussed here, http://forum.bitcoin.org/index.php?topic=6891.0
Fantastic! I've been wondering how long till something like this comes about.
Most of it was over my head though.
Could the user wait a long time to redeem the coins? Or do you normally do it right away? If I say, kept the token somewhere safe I could redeem it sometime in the future or would it expire eventually?
Most of it was over my head though.
Could the user wait a long time to redeem the coins? Or do you normally do it right away? If I say, kept the token somewhere safe I could redeem it sometime in the future or would it expire eventually?
+1 to duncant and his service. I had a problem getting at a blinded token, and he worked with me and restored my btc. Looking forward to his progress.
I have posted my source code here: https://blindbitcoin.com/blind-bitcoin.tar.gz the detached signature is here: https://blindbitcoin.com/blind-bitcoin.tar.gz.asc
Enjoy!
Enjoy!
@gongcheng: Thank you for your healthy skepticism. You can examine the client-side code in your browser and verify its correctness. The full source will be available by tomorrow (6/7/11) at 9AM EST.
Mark this, I believe it will be useful.
However, right now the source code is not available, so I can't trust you.
However, right now the source code is not available, so I can't trust you.
@TiagoTiago: Do you have a link to a discussion on how to best anonymize bitcoins? I've been sending all the bitcoins in my service to a single address (address, not account) from where they are eventually sent out when they are needed. I assumed that this was the "correct" way to do it because the address is the finest granularity one could observe. Thanks!
Jump to: